Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Patent

v1.0.0

The Sovereign Invention & IP-Capture Engine. Standardizing the path from AI-generated novelty to global intellectual property protection and commercial monet...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
[!] Purpose & Capability
The name/description promise broad capabilities (global semantic prior-art search, enforcement monitoring, automated licensing/filings). Yet the skill declares no binaries, no external APIs, no credentials, and no install — there is no clear mechanism to perform those tasks. The requested scope is disproportionate to what the skill actually requires or provides.
[!] Instruction Scope
SKILL.md is high-level architecture and marketing prose rather than actionable runtime instructions. It does not specify what data sources, APIs, or commands to use; it is vague/open-ended. That vagueness could lead an autonomous agent to attempt broad data collection or unsupervised actions using whatever system access it has, since there are no guardrails or explicit limits.
Install Mechanism
No install spec and no code files — lowest surface area for hidden code. Nothing would be written to disk or installed by the skill as provided.
[!] Credentials
The skill requests no environment variables or credentials, but its described capabilities would realistically require access to many external systems (patent office APIs, prior-art databases, marketplaces, payment/contract systems). That mismatch is suspicious: either it can't do what it claims, or it would require additional, undeclared privileges later.
Persistence & Privilege
always:false and no config paths or persistent behavior are declared. The skill does not request permanent presence or altered system settings.
What to consider before installing
This skill reads like an aspirational product specification rather than an implementable skill. Before installing or allowing an agent to use it:
1) Ask the author for a concrete runtime spec — what APIs, endpoints, and credentials it will use (USPTO/EPO APIs, prior-art indices, marketplace monitors, smart-contract platforms).
2) Require explicit declaration of any environment variables or accounts it will need and review those for proportionality.
3) Do not grant it autonomous permission to file legal documents, transfer funds, or create enforceable contracts — require human-in-the-loop approval for any filing or licensing action.
4) Verify the skill owner's identity and ask for audit/logging guarantees and a clear rollback/termination path.
5) If you expect it to actually perform filings or enforcement, insist on a staged test plan and security review of any code or third-party services it integrates with.
Providing those details could move this assessment toward 'benign'; absent them, the mismatch between claims and implementation is a red flag.

Like a lobster shell, security has layers — review code before you run it.

Tags: copyright, innovation, ip, latest, legal, patent
